My organization is currently using a hosted Exchange solution through a third party, but, due to regulatory reasons, we have a strong need for encrypted email, and the ability to archive the post office. Not aware of any ISPs providing such a service, so does this make in-house Exchange the only viable option?

5 Replies

I don't know what your specific regulatory needs might be, but I can tell you a bit about how our Secure Hosted Exchange offering handles those needs.

We partner with Global Relay to offer journaling for regulatory compliance.

I'm not sure what level of encryption you need, but we send mail via TLS by default to meet individual state regulations (and just because we feel this is a good practice). If you need mailbox-to-mailbox encryption we offer CipherPost, which requires the sender to log in to view the secure message.

I haven't gone too in depth, so if I can answer any other questions please let me know. I know some other Spiceheads will have some input too.

Agree with Shane. TLS is TLS is TLS. Doesn't matter if hosted or not. And if you're talking about some sort of super-secure brand new encryption method, then I'd call those ten people you can email and ask what they're using.

No, I'd think they're just spreading some FUD.

And as Shane said, there are archival vendors you can hire. Quite a few, in fact. I recently attended a presentation by Jatheon that was positively mind-blowing. The cost was, too, unfortunately, but still.

The reasons to go internal vs external are for things like proprietary applications, bandwidth concerns, and direct access to/control over the hardware. Remember, email is an internet protocol, so there's really no such thing as 'non-hosted'. The question, then, becomes only who can do a better job of hosting it and at what costs, features, etc. When it comes to the basics, like security, I would think you'd find it quite easy to find a vendor meeting those needs.

Great points! The concern is ultimately who "physically holds" the data, but when it comes down to it, it doesn't matter if the hosted vendor can show the proper safeguards and can show that we (the owner of the data) can easily retrieve it if necessary. Any thoughts about Gmail with Postini?

Ken,

There are hosted Exchange providers who offer regulatory compliant email encryption and archiving as well. 123Together.com offers hosted encryption compliant with HIPAA, various regulations for financial services firms, or Mass. law CMR 17.00 (that requires encryption of all emails if you have customers in Massachusetts).

As far as archiving goes, as Shane said, the requirements may vary depending on the regulation - there are a few that require archiving, such as HIPAA, GLBA or even Federal Rules of Civil Procedure (FRCP) where archiving needs to allow you to implement a litigation hold for the relevant emails.

If this is of interest to you, let me know and I can put you in touch with someone to get a trial of these services.